When I was doing bandwidth tests, I found the server's inbound speed was much slower than outbound. I tried downloading a bunch of different provider's 10MB test files from the command line of my server using wget. They were all around 20-30 Kbps.

When I take those same 10MB files and serve them from my dedicated box, the results are much different. My server can push the files out at over 1Mbps.

Why would my server be set up this way, and is this normal behaviour? I sent a ticket to OLM, but their support seems to take a long time. So I figured I would bounce the question off of all you here on WHT

but how do i blacklist an ip now ? (this needs to be done via external app and not via iptables matches/hitcounts)iptables -A INPUT -s xxx.xxx.xxx.xxx -m recent --name blacklist --setwould renew the blacklist every time that ip sends a packet no matter if it is blocked or not. and also that rule would remain in iptables even when expired

Basically, I use ddos-deflate to block ddos attack.I already set the max conection to 25.But it seems not working. all the connections over 25 have not been blocked.Did I miss something?I mean after I issue

VPS With Mostly Inbound Traffic
Imagine you want a set of servers (VPSs would be a cheaper choice, that is why I am posting here) that do not have much outbound traffic but download from other servers (more or less as spiders, but I am not trying to create a web index). Disk space or memory size are not important, but port speed and monthly transfer should be as high as possible. As inbound traffic is less frequently used, I wonder if any provider offer cheaper rates if traffic is like this.

I have been searching the forums and have not found too much about this topic (a quite related post named "I want to download the Internet" or something similar did not get a conclusion).

Is It Possible To Specify An IP Address To Use For Inbound Traffic
I have 2 IPs bounded on a Windows 2003 server. These 2 IPs have different network routes (one uses network A, one uses network B). Obviously for outbound traffic I can freely choose which IP to use (I simply choose to use [url]or [url]), however I wonder if it's possible to tell the server which IP it should use for inbound traffic when I need to download something from the internet to the server?

Default Outbound IP Address With Virutal IPs
I have an interesting situation on my CentOS 4 server. I have a number of virtual adapters (e.g. eth0:1, eth0:2 etc), and for some reason all outbound traffic is going through one of these, not eth0. If I go to ipchicken.com, it shows the ipaddress of a virtual adapter, not the normal eth0 adapter.

I have been looking around for information on how to set the default adapter to eth0, but I can't seem to find anything. I can't reboot yet, as it's a production server, so I have to wait for 'scheduled maintenance'. If that's the solution, I can try it, but I am sure there is another underlying issue/routine here.

Is there a way, while live, to set the outbound adapter back to eth0?

Please note, that I have only just realized this has happened. In fact, it has been this way since November. I can tell because server name stamps on Email messages sent from this server indicate a virtual domain at that IP address. I recall I had done some work around that time, which had involved me ifup'ing and ifdown'ing some of these adapters (but not eth0, or the eth0:100 adapter (if I recall correctly) that is now the default).

Also note that I have groups of eth0 adapters, such like:eth0:1eth0:2eth0:3eth0:100eth0:101eth0:102

Can't Send Outbound Email From My Server With Comcast
It appears Comcast is now blocking port 25. As a result, I can't sent outbound email via my dedicated server. They had me change to port 587 for my comast email account, but that doesn't solve my not being able to send outbound from my dedicated server.

Is there anythighn I can do (like change the post my mail server uses to 587) so that I can send outbound mail from my server with outlook (over Comcast connection) or am I just stuck now with using web mail?

Can We Create OutBound Rules In Smarter Mail
i have installed a new mail server i.e. SmarterMail, and from past few days i have devoted much time to find "How to create Out Bound rules in Smarter Mail?" but unfortunately i ended up with no solution, hence here i am seeking help from all the member of WHT for my two questions:

Stop Outbound Spam On An Open Wireless Network
I'm not sure if this is the right place to be posting this, but at our hotel, we have wireless routers (Linksys) that any of our clients can use to connect their laptops to the internet. We have been getting reports from our ISP that spam has been coming from our external IP address, so I wanted to know what people would recommend as ways to combat either our computers or any of our clients' computers from sending out spam. The internet is connected through a firewall/server computer running linux. I thought about blocking port 25, but I'm sure we would have clients complaining about not being able to send any mail.

I've gotten a couple comments that some of my outbound personal mail is ending up in spam folders. I think it's almost completely limited to having Outlook (or Express?) as a client... which I assume doesn't even do network-based lookups. Nonetheless I don't seem to be on any blacklists, and running it through my own spamassassin filter comes up basically zero score. But the fact that more than one person has had the problem concerns me greatly. Also, I haven't seen any significant reason why the content itself would trigger anything.

I realize a public spam test service would basically be a "testing ground" for spammers to evade detection, but there's obviously legitimate uses as well... is there such a tool somewhere? Thanks for any advice. Public information sharing is key to a forum, but PMs are welcome in this case.

How To Block IP
some Chinese forums hotlinking images from my site and I even delete those images they keep sending me huge amount of http requests to my hosting server and eating 800mb of memory and upto 1GB cause server crash

I tried to block incoming referrer traffic from those sites using htaccess but it didn't work , I still see their http request on my server logs and memory keep goes high , am not sure my code is the right

how can I block these http request from these domains , what is the right htaccess code , I use DirectAdmin panel by the way

How To Block A Block Of IP'S
I'm currently experiencing a lot of IP's starting with 200 and 201 (from Brazil) some IPís have over 200 connections. I have APF installed and want to know how to block a block on ip's if this is possible.IPS:200.11.*******201.*******

Iptables Gone
I am experiencing a strange problem with iptables: after in activate them, they are gone in a few minutes. For example, I drop traffic from an ip and after few seconds, all rules are flushed without touching anything!

Iptables
Do you find iptables enough or do you use a hardware firewall for linux? I haven't used anything less than hardware firewalls for years but I gather than most simply rely on iptables. Is that a smart choice?

# iptables -D INPUT -s 25.55.55.55 -j DROPiptables v1.3.8: Couldn't load target `standard':/usr/local/lib/iptables/libipt_standard.so: cannot open shared object file: No such file or directoryWhat is going on? The libipt_standard.so file is located in /lib/iptables, but not /usr/local/lib/iptables. I tried moving all of the libipt files into the /usr/local/lib/iptables directory, but I got segmentation errors.

How To Tell Fortigate Not To Block My VPS IP
Fortigate appliances blocking an IP that is not in RBLs I have a problem with the IP 66.187.108.157 of my VPS it seems to be blocked by Fortigate appliances, as you can see in this error message:

Block Spam
I'm having difficulties with a whm running on centos dedicated server. The problem is that we receive too much of spam and junk emails. by too much I mean 2000 bulks per week. It's killing us.

Block An IP Range ...
I set up a forum for a small group of users, so I don't really wish to see spiders or bots on it, so I've put a robots.txt file there to prevent all of them from accessing the forum pages.

I know not all bots follow the robots.txt rule, and these days a really annoying bot called MUNAXNET or Munax AB with IP range 82.99.30.0 - 82.99.30.127 is causing the forum to have extra and unexpected loads.

I've tried to block this IP range with .htaccess and uploaded it to the root of the site a few days ago, here is the content:

<Limit GET HEAD POST>order allow,denydeny from 82.99.30.0-82.99.30.127allow from all</LIMIT>However strangely it seems that all of these are not working for this bot, today I saw my forum had 80 users online and that army still keeps coming and browsing all pages of my forums...

I tested the .htaccess with blocking myself, and it actually worked for me, dunno why it's not working for that bot..

Should I Block Yandex
I was just researching my log analyzers to see whats happening... I noticed something new in the logs, a large number of unnamed robots or spiders... so I found the robot... it was this:

23310 7.99% 23303 9.48% 1159765 18.56% 22 0.12% 77.88.26.26

After some reading, sites say the ip belongs to spider26.yandex.ru

For simply security reasons, would it be in best interest to block the entire subnet? It seems that the same IP ending in .25 belongs to spider25.yandex.ru

Block A Bot By Netmask
I have a Juniper firewall. I'm seeing a ton of traffic from the Twiceler bot in the range of 100,000 hits a day. Luckily they've more recently put up a list of IP addresses their bots use at:

[url]

So, I'm blocking all of these now. However I think it's a simple Netmask issue I'm having. I'm blocking all ports from

208.36.144.0/2438.99.13.0/2438.99.44.0/2464.1.215.0/24

However, I am still seeing the bot in server log files. Could it be that I should not be specifying .0 at the end, but instead .1? Like this in the policy?